6819_4_5_4

Refresh Token Phishing by Counterfeit Authorization Server

An attacker could try to obtain valid refresh tokens by proxying requests to the authorization server. Given the assumption that the authorization server URL is well-known at development time or can at least be obtained from a well-known resource server, the attacker must utilize some kind of spoofing in order to succeed.

OAuth 2.0 Threat Model and Security Considerations (RFC6819, section 4.5.4)

Mitigations

This threat is considered fully mitigated if all the test cases from the following test set succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.

Back to the threat overview